#!/usr/bin/env bash
# SPDX-License-Identifier: BSD-3-Clause
# Abort on the first failing command and on a failure anywhere in a pipeline.
set -eo pipefail

# Coverity Scan did not follow the rename from 01org/TPM2.0-TSS to
# tpm2-software/tpm2-tss, so the submission still uses the old project name.
export PROJECT='01org/TPM2.0-TSS'
echo "PROJECT=$PROJECT"

# Both credentials have to be provided by the caller. On failure only the
# variable name is printed; the values themselves are never echoed to the log.
for required in COVERITY_SCAN_TOKEN COVERITY_SUBMISSION_EMAIL; do
  if [[ -z "${!required}" ]]; then
    echo "coverity.run invoked without ${required} set...exiting!"
    exit 1
  fi
done

# Sanity check: a submission may only be triggered from a branch whose name
# ends in coverity_scan.
case "$REPO_BRANCH" in
  *coverity_scan) ;;
  *)
    echo "coverity.run invoked for non-coverity branch $REPO_BRANCH...exiting!"
    exit 1
    ;;
esac

# The scan is skipped for any compiler whose name starts with clang.
case "$CC" in
  clang*)
    echo "Coverity scan branch detected, not running with clang...exiting!"
    exit 1
    ;;
esac
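# branch is coverity_scan
echo "Running coverity build"

# Fetch the Coverity build tool on demand. It cannot be packaged in the docker
# image: that would distribute Coverity's software to people who are not
# coupled to our COVERITY_SCAN_TOKEN.
#
# NOTE(review): the token is handed to curl as a command-line argument, so it
# is readable from the process list by anything else running on the build
# host. On a shared runner, have curl read its arguments from a file or stdin
# (--config) instead.
if [ ! -f "$(pwd)/cov-analysis/bin/cov-build" ]; then
  # --fail makes an HTTP error (for example a rejected token) abort the script
  # here instead of saving the error page as coverity_tool.tgz.
  curl --fail \
    --data-urlencode "project=$PROJECT" \
    --data-urlencode "token=$COVERITY_SCAN_TOKEN" \
    "https://scan.coverity.com/download/linux64" -o coverity_tool.tgz
  stat coverity_tool.tgz

  curl --fail \
    --data-urlencode "project=$PROJECT" \
    --data-urlencode "token=$COVERITY_SCAN_TOKEN" \
    --data-urlencode "md5=1" \
    "https://scan.coverity.com/download/linux64" -o coverity_tool.md5
  stat coverity_tool.md5

  # Log both digests, then let md5sum -c enforce the match (set -e aborts on
  # a mismatch, before anything is unpacked).
  # NOTE(review): the digest is fetched from the same host over the same kind
  # of connection as the archive, so this catches a truncated or corrupted
  # download, not a substituted one. MD5 is the only digest this script
  # requests, and it is not collision resistant; the transfer's integrity
  # rests on the HTTPS connection.
  cat coverity_tool.md5
  md5sum coverity_tool.tgz
  echo "$(cat coverity_tool.md5)" coverity_tool.tgz | md5sum -c

  echo "unpacking cov-analysis"
  tar -xf coverity_tool.tgz
  # The archive unpacks into a versioned directory; give it a stable name.
  mv cov-analysis-* cov-analysis
fi

# Assign first, export second, so a failing $(pwd) is not masked by export.
PATH="$PATH:$(pwd)/cov-analysis/bin"
export PATH
echo "Which cov-build: $(command -v cov-build)"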
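# Refuse to continue without a build directory, so that the rm -rf calls that
# follow never run relative to an unintended working directory.
pushd "${DOCKER_BUILD_DIR:?DOCKER_BUILD_DIR must be set}"

# NOTE(review): the prelude and the build steps below execute code from the
# checked-out tree in a process that has COVERITY_SCAN_TOKEN available, so
# write access to the coverity_scan branch should be limited accordingly.
source ".ci/docker-prelude.sh"

echo "Performing build with Coverity Scan"
rm -rf cov-int

# One command per line: inside an "a && b && c" list, set -e only reacts to a
# failure of the last command, so a failing bootstrap or configure would have
# let the script carry on to cov-build.
./bootstrap
./configure --enable-debug
make clean

cov-build --dir "$DOCKER_BUILD_DIR/cov-int" make -j "$(nproc)"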
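echo "Collecting Coverity data for submission"
rm -fr README

# Describe the commit being scanned. The revision is the literal HEAD: the
# previous "$HEAD" was an unquoted variable that is not set anywhere in this
# script, so it only worked because it expanded to nothing, and any value
# found in the environment would have been word-split into git arguments.
AUTHOR="$(git log -1 HEAD --pretty="%aN")"
AUTHOR_EMAIL="$(git log -1 HEAD --pretty="%aE")"
VERSION="$(git rev-parse HEAD)"

# Metadata file shipped alongside the intermediate directory. printf '%s\n'
# writes the values verbatim, whatever characters an author name contains.
{
  printf '%s\n' "Name: $AUTHOR"
  printf '%s\n' "Email: $AUTHOR_EMAIL"
  printf '%s\n' "Project: $PROJECT"
  printf '%s\n' "Build-Version: $VERSION"
  printf '%s\n' "Description: $REPO_SLUG $REPO_BRANCH"
  printf '%s\n' "Submitted-by: $PROJECT CI"
} > README

# Show in the build log exactly what is about to be submitted.
echo "---README---"
cat README
echo "---EOF---"

# Package the metadata and the cov-build output, then drop the originals.
rm -f scan.tgz
tar -czf scan.tgz README cov-int
rm -rf README cov-int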
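# upload the results
echo "Testing for scan results..."
# stat fails, and set -e aborts the script, when the archive is missing.
scan_file=$(stat --printf='%n' scan.tgz)

echo "Submitting data to Coverity"
# --fail turns an HTTP error response into a non-zero exit status; without it
# a rejected submission was reported as a successful run.
#
# NOTE(review): the token is handed to curl as a command-line argument, so it
# is readable from the process list by anything else running on the build
# host. On a shared runner, have curl read its arguments from a file or stdin
# (--config) instead.
upload_status=0
curl --fail \
  --form token="$COVERITY_SCAN_TOKEN" \
  --form email="$COVERITY_SUBMISSION_EMAIL" \
  --form project="$PROJECT" \
  --form file=@"$scan_file" \
  --form version="$VERSION" \
  --form description="$REPO_SLUG $REPO_BRANCH" \
  "https://scan.coverity.com/builds?project=$PROJECT" || upload_status=$?

# Clean up whether or not the upload succeeded, then report its status.
rm -rf scan.tgz
popd
exit "$upload_status"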